Loknadh Ravineni

Loknadh Ravineni

  • NA
  • 62
  • 1.2k

How to limit the number of requests per user to a page

Oct 27 2019 1:00 AM
this is my html code
  1. <asp:TextBox ID="Txtcomments" runat="server" TextMode="MultiLine"></asp:TextBox>  
  2. <br />  
  3. <asp:Button ID="BtnPost" runat="server" Text="Post" OnClick="BtnPost_Click" />  
  4. <br />  
  5. <asp:Label ID="Label1" runat="server" Text=""></asp:Label>  
  6. <br />  
my problem i haave a sample webform like this if a user makes a comment it will save in the database but i had to restrict a particular user like that he should make only 2 comments(requests) within 5 minutes of time if the same user wants to make 3rd comment he should be displaying a message that request limit exceeded
 
first i thought restricting user based on ip but using the below code it blocks all the users of the particular host but not a single user
  1. public partial class webThrottle : System.Web.UI.Page  
  2. {  
  3. public static string date;  
  4. public static string strSessionID="first";  
  5. protected void Page_Load(object sender, EventArgs e)  
  6. {  
  7. }  
  8. protected void BtnPost_Click(object sender, EventArgs e)  
  9. {  
  10. string ipaddress;  
  11. ipaddress = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];  
  12. if (ipaddress == "" || ipaddress == null)  
  13. ipaddress = Request.ServerVariables["REMOTE_ADDR"];  
  14. string SessionID = Session.SessionID;  
  15. var Throttle = new Throttler();  
  16. if (Throttle.RequestShouldBeThrottled(ipaddress))  
  17. {  
  18. Label1.Text = "Access Denied because of Too Many requests";  
  19. TimeSpan span = (Convert.ToDateTime(Throttler.NextAccessDate) - Convert.ToDateTime(DateTime.Now));  
  20. string diff= String.Format("{0} minutes, {1} seconds", span.Minutes, span.Seconds);  
  21. Label4.Text = "Elapsed Time = "+" "+"Try Again After "+diff;  
  22. }  
  23. else  
  24. {  
  25. SqlConnection con = new SqlConnection("Server=DELL-PC; User Id=sa;Password=123;Database=comments");  
  26. con.Open();  
  27. SqlCommand cmd = new SqlCommand("insert into tbl_comments(comment, ipAddress, Date)values(@p1, @p2, @p4)", con);  
  28. cmd.Parameters.AddWithValue("@p1", Txtcomments.Text);  
  29. cmd.Parameters.AddWithValue("@p2", ipaddress);  
  30. date = DateTime.Now.ToString();  
  31. cmd.Parameters.AddWithValue("@p4", date);  
  32. int i = cmd.ExecuteNonQuery();  
  33. if (i > 0)  
  34. {  
  35. Label1.Text = "Your comment has been posted successfully";  
  36. //Label2.Text = " " ;  
  37. //Label3.Text = " ";  
  38. Label4.Text = " " ;  
  39. }  
  40. con.Close();  
  41. }  
  42. }  
  43. }  
  44. public class Throttler  
  45. {  
  46. private int _requestLimit;  
  47. private int _timeoutInSeconds;  
  48. private string _key;  
  49. public static string NextAccessDate;  
  50. public bool RequestShouldBeThrottled(string key, int requestLimit = 5, int timeoutInSeconds = 180)  
  51. {  
  52. _requestLimit = requestLimit;  
  53. _timeoutInSeconds = timeoutInSeconds;  
  54. _key = key;  
  55. ThrottleInfo throttleInfo = (ThrottleInfo)HttpRuntime.Cache[_key];  
  56. if (throttleInfo == null)  
  57. {  
  58. throttleInfo = new ThrottleInfo  
  59. {  
  60. ExpiresAt = DateTime.Now.AddSeconds(_timeoutInSeconds),  
  61. RequestCount = 0,  
  62. };  
  63. NextAccessDate=throttleInfo.ExpiresAt.ToString();  
  64. }  
  65. throttleInfo.RequestCount++;  
  66. HttpRuntime.Cache.Add(_key,  
  67. throttleInfo,  
  68. null,  
  69. throttleInfo.ExpiresAt,  
  70. Cache.NoSlidingExpiration,  
  71. CacheItemPriority.Normal,  
  72. null);  
  73. return (throttleInfo.RequestCount > _requestLimit);  
  74. }  
  75. }  
  76. public class ThrottleInfo  
  77. {  
  78. public DateTime ExpiresAt { getset; }  
  79. public int RequestCount { getset; }  
  80. }  

Answers (4)